From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari <leo@famulari.name> Subject: libidn security update patch Date: Fri, 2 Sep 2016 02:41:36 -0400 Message-ID: <20160902064136.GA14384@jasmine> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="f2QGlHpHGjS2mn6Y" Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org> Received: from eggs.gnu.org ([2001:4830:134:3::10]:60156) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <leo@famulari.name>) id 1bfiAd-0000PQ-F5 for guix-devel@gnu.org; Fri, 02 Sep 2016 02:41:48 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <leo@famulari.name>) id 1bfiAa-0004IR-9e for guix-devel@gnu.org; Fri, 02 Sep 2016 02:41:47 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:49051) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <leo@famulari.name>) id 1bfiAZ-0004HM-2b for guix-devel@gnu.org; Fri, 02 Sep 2016 02:41:44 -0400 Received: from localhost (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148]) by mail.messagingengine.com (Postfix) with ESMTPA id 30ACDF29D4 for <guix-devel@gnu.org>; Fri, 2 Sep 2016 02:41:37 -0400 (EDT) Content-Disposition: inline List-Id: "Development of GNU Guix and the GNU System distribution." <guix-devel.gnu.org> List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>, <mailto:guix-devel-request@gnu.org?subject=unsubscribe> List-Archive: <http://lists.gnu.org/archive/html/guix-devel/> List-Post: <mailto:guix-devel@gnu.org> List-Help: <mailto:guix-devel-request@gnu.org?subject=help> List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>, <mailto:guix-devel-request@gnu.org?subject=subscribe> Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org> To: guix-devel@gnu.org --f2QGlHpHGjS2mn6Y Content-Type: multipart/mixed; boundary="pWyiEgJYm5f9v55/" Content-Disposition: inline --pWyiEgJYm5f9v55/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ... and the patch. --pWyiEgJYm5f9v55/ Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0001-gnu-libidn-Replace-with-1.33-fixes-CVE-2015-8948-and.patch" Content-Transfer-Encoding: quoted-printable =46rom 217f444aa56ec292ddfaacfabcbb6ddea8d1f262 Mon Sep 17 00:00:00 2001 =46rom: Leo Famulari <leo@famulari.name> Date: Fri, 2 Sep 2016 02:11:49 -0400 Subject: [PATCH] gnu: libidn: Replace with 1.33 [fixes CVE-2015-8948 and CVE-2016-{6261,6263}]. * gnu/packages/libidn.scm (libidn)[replacement]: New field. (libidn-1.33): New variable. --- gnu/packages/libidn.scm | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm index 053565c..432c1fe 100644 --- a/gnu/packages/libidn.scm +++ b/gnu/packages/libidn.scm @@ -27,6 +27,7 @@ (define-public libidn (package (name "libidn") + (replacement libidn-1.33) (version "1.32") (source (origin (method url-fetch) @@ -45,3 +46,16 @@ names. It includes native C, C# and Java libraries.") ;; the command line tool is gpl3+. (license (list gpl2+ gpl3+ lgpl3+ fdl1.3+)) (home-page "http://www.gnu.org/software/libidn/"))) + +(define libidn-1.33 + (package + (inherit libidn) + (source + (let ((version "1.33")) + (origin + (method url-fetch) + (uri (string-append "mirror://gnu/libidn/libidn-" version + ".tar.gz")) + (sha256 + (base32 + "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4"))))))) --=20 2.9.3 --pWyiEgJYm5f9v55/-- --f2QGlHpHGjS2mn6Y Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXyR8gAAoJECZG+jC6yn8IlIYP/R2OdqOXqcGhmjXQttAUW+4N hhZgdaUI4fAGgRzNo6evKzPM6/mOAYX6wHFKPu6maps7xK/oXtzHz47l19WpJqDi uZQIZwskA7EzUbucJlWC623KnGgrna4nLXulqMCY7c117eDdtSE09aKnWhrgCNig dvOyyii8KJFzaVWfNvhtNqlJwJInsd2wtzkYVKfk4YB6CcP2npu7A1ZcuTnfLmeW kTiEe387ykY1tNj9RugKthDTyrlTv7WQex2B/Ta3G9jbQAjeqnGIQbjQ84E78ab+ jakKpXnXkajm800P4OwqJxbyy3irtBzL7oIbj1xpHI0ZkqIE5U952kbbsIHD3W3n Rhph3p5/hi2nh4CisU+fF8+uY/OlFonGATnGRKU2bQzMwOTxdAIqaLO7sQhqSxQY ze39oNSW8T3LUZwSS2OZNcr53lQh8V2EOGAYj/bjtFaeTdCJQcx5w2GTnGpJ9e1A Z/qm2MW2Ln4kNesbEEUq3RHWebxDv2hx4Rij4FIZvQA/S7//d9cyDJv/1fbQS5l5 5Y/rUoUBdchOKJ45khqaVe5Y4xxsgU+jN1cXsUF4RDD2j264lKBGPjjOtDbIP9UN keX+AfbAEDs4uFPdN9bpOlmAoonQg8y2oOX2HlAstOZYjQDceVwIasALhmu2nZTO h7oaoVeNqi6kPlry9bva =XiM1 -----END PGP SIGNATURE----- --f2QGlHpHGjS2mn6Y--